Published

Last Push

Marketplace Rating

Discussion

Readme from Github

vault-graylog-content-pack

NOTE
I am a aware the Graylog Pipelines are a better fit for this, and I am using Pipelines for my own use of Vault.
I'll add a Pipeline to the content pack (that will also reformat the main message to no longer be a big blob of
JSON) as soon as Graylog allows to include Pipelines in Content Packs

This content pack contains

A TCP listner on port 5553, with extractors to parse the audit log JSON,
as well as adding fields for the vault mount and the name of the secret accessed/removed.